Option allowing openid for auth into /admin (django.contrib.admin)

README.txt

@@ -115,3 +115,12 @@ By default, redirecting back to an external URL after auth is forbidden. To perm
 
 and redirects to external URLs on those domains will additionally be permitted.
 
+== Use as /admin (django.admin.contrib) login ==
+
+If you require openid authentication into the admin application, add the following setting:
+
+        OPENID_USE_AS_ADMIN_LOGIN = True
+
+It is worth noting that a user needs to be be marked as a "staff user" to be able to access the admin interface.  A new openid user will not normally be a "staff user".  
+The easiest way to resolve this is to use traditional authentication (OPENID_USE_AS_ADMIN_LOGIN = False) to sign in as your first user with a password and authorise your 
+openid user to be staff.

django_openid_auth/__init__.py

@@ -2,6 +2,7 @@
 #
 # Copyright (C) 2007 Simon Willison
 # Copyright (C) 2008-2009 Canonical Ltd.
+# Copyright (C) 2010 Dave Walker
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -26,3 +27,26 @@
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
+
+""" Support for allowing openid authentication for /admin (django.contrib.admin) """
+
+from django.conf import settings
+
+if getattr(settings, 'OPENID_USE_AS_ADMIN_LOGIN', False):
+    from django.http import HttpResponseRedirect
+    from django.contrib.admin import sites
+    from django_openid_auth import views
+
+    def _openid_login(self, request, error_message='', extra_context=None):
+        if request.user.is_authenticated():
+            if not request.user.is_staff:
+                return views.render_failure(request, "User %s does not have admin access." 
+                    % request.user.username)
+            return views.render_failure(request, "Unknown Error: %s" % error_message)
+        else:
+            # Redirect to openid login path,
+            return HttpResponseRedirect(settings.LOGIN_URL+"?next="+request.get_full_path())
+        
+    # Overide the standard admin login form. 
+    sites.AdminSite.display_login_form = _openid_login
+

django_openid_auth/tests/test_views.py

@@ -130,17 +130,20 @@ class RelyingPartyTests(TestCase):
         self.old_update_details = getattr(settings, 'OPENID_UPDATE_DETAILS_FROM_SREG', False)
         self.old_sso_server_url = getattr(settings, 'OPENID_SSO_SERVER_URL')
         self.old_teams_map = getattr(settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING', {})
+        self.old_use_as_admin_login = getattr(settings, 'OPENID_USE_AS_ADMIN_LOGIN', False)
 
         settings.OPENID_CREATE_USERS = False
         settings.OPENID_UPDATE_DETAILS_FROM_SREG = False
         settings.OPENID_SSO_SERVER_URL = None
         settings.OPENID_LAUNCHPAD_TEAMS_MAPPING = {}
+        settings.OPENID_USE_AS_ADMIN_LOGIN = False
 
     def tearDown(self):
         settings.OPENID_CREATE_USERS = self.old_create_users
         settings.OPENID_UPDATE_DETAILS_FROM_SREG = self.old_update_details
         settings.OPENID_SSO_SERVER_URL = self.old_sso_server_url
         settings.OPENID_LAUNCHPAD_TEAMS_MAPPING = self.old_teams_map
+        settings.OPENID_USE_AS_ADMIN_LOGIN = self.old_use_as_admin_login
 
         setDefaultFetcher(None)
         super(RelyingPartyTests, self).tearDown()

example_consumer/settings.py

@@ -127,3 +127,6 @@ OPENID_SSO_SERVER_URL = 'https://login.launchpad.net/'
 # Tell django.contrib.auth to use the OpenID signin URLs.
 LOGIN_URL = '/openid/login/'
 LOGIN_REDIRECT_URL = '/'
+
+# Should django_auth_openid be used to sign into the admin interface?
+OPENID_USE_AS_ADMIN_LOGIN = False